In case anyone was wondering the same thing, here is the syntax for the time fields:

<time>6 am - 6 pm</time>

Not sure if days can be incorporated or not. I assume so, so if anyone has an example I would appreciate it.

From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Nelson, James
Sent: Monday, August 13, 2012 8:55 AM
To: ossec-list@googlegroups.com
Subject: [ossec-list] Ignoring alerts at certain times of the day

How would I write a custom rule to set the level of certain rules to 0 during a specific time of day? For example, I want to ignore logins on a machine during office hours.

Thanks
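
Added example (not part of the original thread): a local rule of the kind the question asks for, combining the `<time>` range from the reply with OSSEC's `<weekday>` rule option. The rule ID 100100, the hostname appserver01 and the parent rule 5715 (assumed here to be the stock sshd authentication success rule) are assumptions; check them against your own ruleset.

```xml
<!-- local_rules.xml (added example, values below are assumptions) -->
<group name="local,syslog,sshd,">

  <!-- Child rule: fires only when the parent login rule has already matched,
       then drops the alert to level 0 inside the office-hours window. -->
  <rule id="100100" level="0">
    <!-- Parent rule to override; 5715 is assumed to be the stock
         "SSHD authentication success" rule. Verify in sshd_rules.xml. -->
    <if_sid>5715</if_sid>

    <!-- Constructed placeholder: limit the override to one machine,
         matched against the decoded syslog hostname. -->
    <hostname>appserver01</hostname>

    <!-- Time of day the event was generated (syntax from the reply above). -->
    <time>6 am - 6 pm</time>

    <!-- Day restriction: monday - sunday, weekdays or weekends. -->
    <weekday>weekdays</weekday>

    <description>sshd login on appserver01 during office hours (ignored).</description>
  </rule>

</group>
```

A level 0 match hides every matching login in that window, so keep the rule scoped to one parent rule and one host; logins outside the window or on other machines still alert at the parent rule's level.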